CVE-2006-0082

EPSS 3.9%

imagemagick

Published: 1/4/2006Modified: 4/28/2026

Description

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

Affected packages (3)

Debian/imagemagickfrom 0, < 6:6.2.4.5-0.6
Debian/imagemagickfrom 0, < 6:6.0.6.2-2.8
Debian/imagemagickfrom 0, < 6:6.0.6.2-2.8

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-0082